[tor-talk] Use of TBB behind a physically isolated Tor router?

Roger Dingledine arma at mit.edu
Sun May 21 22:01:02 UTC 2017


On Sun, May 21, 2017 at 09:50:14PM +0000, CANNON wrote:
>  Tor browser bundle is generally recommended for privacy due to
> its ability to blend in more with other people by having a
> commonly shared browser fingerprint.

Right. For more on what Tor Browser does (and doesn't do) at the
application layer, see
https://www.torproject.org/projects/torbrowser/design/

>  The issue is however if one wishes to use tor browser bundle
> behind a transparent Tor proxy in which the Tor process is
> running on the router between the computer and LAN for better
> security.

That's one of the reasons why transparent Tor proxies are bad
news. For other reasons, check out this thread from long ago:
https://lists.torproject.org/pipermail/tor-relays/2014-October/005541.html
https://lists.torproject.org/pipermail/tor-relays/2014-October/005544.html

> What is the best way to use Tor browser behind a physically
> isolated Tor router so as to prevent Tor browser running on the
> computer from creating a Tor circuit inside another circuit?

The best way is to use that router as a firewall, to *prevent* any
communications that you didn't want coming out of the main computer,
rather than to scoop it all up and shove it through Tor and hope that
somehow that makes you safe.

The above posts have more details on how to do that well, and also
on why it's the better model.

(Projects like Whonix offer a variety of configurations for doing this
isolation, rather than building it yourself.)

--Roger
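
The firewall model described in the reply above, sketched as an nftables ruleset for the router. This is an added example, not part of the original message or of the linked posts; the interface names, the addresses, and the assumption that Tor Browser on the workstation is configured to use a single bridge at a fixed address and port are illustrative.

```nft
#!/usr/sbin/nft -f
# Added example (not from the original message). All interface names and
# addresses are constructed placeholders; adjust to the real network.

flush ruleset

define LAN_IF = "eth1"            # faces the workstation (assumed name)
define WAN_IF = "eth0"            # faces the upstream network (assumed name)
define CLIENT = 192.168.50.10     # workstation running Tor Browser (constructed)
define BRIDGE = 192.0.2.10        # placeholder: bridge configured in Tor Browser
define BRIDGE_PORT = 443          # placeholder: that bridge's port

table inet egress_guard {
    chain forward {
        type filter hook forward priority filter; policy drop;

        # Return traffic for flows the workstation was allowed to open.
        ct state established,related accept

        # The only permitted new flow: workstation -> its configured bridge.
        iifname $LAN_IF oifname $WAN_IF ip saddr $CLIENT ip daddr $BRIDGE tcp dport $BRIDGE_PORT ct state new accept

        # Anything else from the workstation (DNS, NTP, IPv6, direct HTTP,
        # UDP of any kind) is unintended traffic: count it, log it, drop it.
        iifname $LAN_IF counter log prefix "non-tor-egress: " drop
    }

    chain input {
        type filter hook input priority filter; policy drop;

        # The router offers no services (DNS, DHCP, admin UI) to either side;
        # administer it from the console.
        iifname "lo" accept
        ct state established,related accept
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname $WAN_IF ip saddr $CLIENT masquerade
    }
}
```

With this in place the workstation needs a static address and the router as its default gateway, and Tor Browser builds its own circuits through the one permitted destination. Any "non-tor-egress" log entry means something on the workstation tried to talk to the network outside Tor Browser and was blocked rather than silently proxied.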


